We then copy the output, f105429be7c7a3518f9376b3de4f0f1d, which is our MD5 Digest password. Copy it somewhere safe, you will need it in a moment.

Now, in our tomcat-users.xml file, replace the plain text password we created 'BlogSpot' (or whatever you used) with the SHA or MD5 Digest password you generated above. I'm going to use SHA.

[root@server1 conf]# vi tomcat-users.xml

Finally, we need to make an adjustment to our server.xml file, located in the Tomcat conf directory, so Tomcat knows we are using a Digest password as well as the Digest algorithm we selected (SHA or MD5).

In your server.xml file, look for this section:

At the end of the entry, we add: digest="sha" as shown below if we used the SHA Digest Algorithm.

If we used the MD5, we add digest="md5" as shown below.

We have now created the manager role, added a user with password to the manager role, as well as encrypted our user password using MD5 or SHA Digest.

Later we'll look at JDBC and JNDI security Realms, as well as other measures for securing your Tomcat installation.